
In his opening keynote presentation kicking off the second day of this year’s Infosecurity North America conference in New York, the technical director of cybersecurity threat operations center for the NSA, Dave Hogue, talked about how innovations in policy, technology, and people can lead to breakthrough results in one of the largest 24-7-365 operational environments across the

It’s months past when the EU’s General Data Privacy Regulations (GDPR) went into effect, and many are wondering, “Where are we now?” Among the many aspects of the GDPR talked about at today’s Infosecurity North America conference, Nashira Layade, SVP, CISO at Realogy Holdings Corp., and Elena Elkina, partner at Aleada Consulting, spent a bit

Security researchers are urging parents to think twice about buying GPS-enabled smart watches to keep their children safe, after revealing that scores of models are riddled with vulnerabilities. Pen Test Partners’ initial research detailed security issues with the MiSafes device first launched three years ago. The idea, like all similar devices, is that it keeps

MPs are unhappy at the government’s response to their committee report on cybersecurity skills in critical infrastructure (CNI), claiming it fails to address the immediate challenges facing the industry. The Joint Committee on the National Security Strategy published its initial report in July, claiming the skills gap in the sector was “cause for alarm” and that

A Japanese minister in charge of cybersecurity has shocked lawmakers after revealing that he doesn’t use a computer, and struggles to grasp the concept of a USB stick. Yoshitaka Sakurada, 68, is deputy chief of the government’s cybersecurity strategy office. However, responding to an independent lawmaker at a Lower House Cabinet Committee meeting this week, he’s

A new report looked at the number of companies that allow users to access corporate data on personal devices and found that most organizations enabling BYOD lack proper security controls, according to Bitglass. With the advent of the cloud, more employees are taking advantage of being able to work from anywhere at any time on any

The CEOs of BlackBerry and Cylance held a media conference this morning after announcing news of an acquisition. BlackBerry announced that it has finalized an agreement in which it will acquire Cylance for $1.4 bn in cash, plus the assumption of unvested employee incentive awards. With Gartner citing security as the top barrier to successful

by Paul Ducklin A security researcher recently figured out how to stash the complete works of Shakespeare in a single tweet, which sounds like a really neat way to conceal private data right in the public eye… but the “hiding place” is pretty obvious once you know what to look for. You end up with a

by Lisa Vaas The US, China and Russia are some of the big names that are missing from the list of signees of the Paris Call for Trust and Security in Cyberspace: an initiative designed to establish international etiquette with regards to the internet, including coordinating disclosure of technical vulnerabilities. French President Emmanuel Macron announced

by Lisa Vaas There was the sound of breakers tripping in all seven of the grid’s low-voltage substations, and then, the station was plunged into darkness. It was the worst possible scenario: swaths of the country’s grid had already been offline for a month, exhausting battery backups at power plants and substations alike. What would

by Danny Bradbury The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts. Criminals sent posts from both Google’s G Suite account and Target’s official Twitter account. Cryptocurrency giveaway scams work by offering money to victims. There’s a catch, of course: They must first

by Danny Bradbury We’ve had fake videos, fake faces, and now, researchers have developed a method for AI systems to create their own fingerprints. Not only that, but the machines have worked out how to create prints that fool fingerprint readers more than one time in five. The research could present problems for fingerprint-based biometric

by Lisa Vaas MiSafes, the maker of surveillance devices meant to track kids, is back in the news. This time it’s due to the company’s smartwatches that researchers say are drop-dead simple to hack. Pen Test Partners has found that attackers can easily eavesdrop on children’s conversations; track them; screw with the geofencing so that

by Lisa Vaas Christine Sullivan was stabbed to death on 27 January 2017, in the kitchen of the New Hampshire home where she lived with her boyfriend. Her friend, Jenna Pellegrini, was also murdered that day, in an upstairs bedroom. There might have been a witness who heard Sullivan’s murder as it happened, given that

by Paul Ducklin This week: hacking phones at Pwn2Own, the brand new SophosLabs Threat Report, and squeezing Shakespeare into one tweet. Also, RIP James Lewis Pond, known to Mac users the world over as Pondini, whom we talked about in last week’s podcast but didn’t do justice to. With Anna Brading, Paul Ducklin and Mark

The authors thank their colleagues Oliver Devane and Deepak Setty for their help with this analysis. McAfee Labs researchers have discovered new Russian malware, dubbed WebCobra, which harnesses victims’ computing power to mine for cryptocurrencies. Coin mining malware is difficult to detect. Once a machine is compromised, a malicious app runs silently in the background

If we asked database administrators, security teams, and risk teams about their definition of what database security is, the answers would vary widely. Each team views the definition based on their own requirements, but the one answer that most likely won’t appear is: “To protect data.” Traditionally, database security has always been seen as a

Holiday stress. Every year, come November, my resting heart rate starts to rise: the festive season is approaching. Not only is there so much to do but there’s so much to spend money on. There are presents to purchase, feasts to prepare and party outfits to buy. Throw in a holiday to fill the long

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is

You aren’t going to like this post. However, you will, hopefully, find yourself nodding and perhaps, even making some changes because of it. Here it is, friends: That love-hate relationship you have with your smartphone may need some serious attention — not tomorrow or next week — but now. I’m lecturing myself first by the way.

Windows 10 users don’t have to wait much longer for support of the latest WPA3 Wi-Fi security standard, a new blog post from Microsoft apparently revealed. The third version of Wi-Fi Protected Access, in short WPA3, is the next generation of the wireless security protocol that has been designed to make it harder for attackers to

In 1999, Bruce Schneier wrote, “Complexity is the worst enemy of security.” That was 19 years ago (!) and since then, cyber security has only become more complex. Today, controls dramatically outnumber staff available to support them. The Bank of America has a $400-million cyber budget to hire security staff and implement a broad array

It’s Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products. This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity.

At the Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked

A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is “AMP for WP – Accelerated Mobile Pages” that lets websites

Tesla is now taking orders for the Model 3 from customers in China, according to its website. Reuters was the first to report that Tesla is taking orders in China. Tesla won’t confirm or comment on the information published on its own China-focused website. Tesla CEO Elon Musk did say in a tweet Thursday that

When WarnerMedia announced last month that it would be shutting down its streaming service FilmStruck, the team at the Criterion Collection said it would be looking for a new digital home. Today, Criterion announced that it will be building that home itself — namely, launching a streaming service called The Criterion Channel. The company remains

The only sure things in this life, according to Ben Franklin, are death and taxes. And a new startup called Visor has just raised $9 million in financing to make one of them as painless as possible. Unlike Nectome, Visor won’t kill anyone, but it may ring the death knell for the high end tax advisors that most

The turmoil continues at facial recognition startup Kairos. Last night, Kairos founder Brian Brackeen filed a counter lawsuit against Kairos and its interim CEO Melissa Doval that seeks $10 million in damages. Kairos is a facial recognition startup that has become well-known for its stance to never sell to law enforcement. At Disrupt SF 2018,

When Equidate, a venture-backed secondaries marketplace based in San Francisco, closed its most recent round of funding with $50 million four months ago, it was hardly a surprising bet on the part of its backers. As startups linger ever longer as private companies, more people are looking to lock up shares wherever they can find